1 Featured Article for top of Blog Page

Meeting EMV Requirements in the Hospitality Industry

Half of credit card fraud happens in the United States, often as a  direct result of magnetic-stripe cards that are easy to counterfeit or steal data from. 2015 was the year when forces combined to demand a transition away from magnetic-stripe cards to cards equipped with EMV technology (“Europay, MasterCard, Visa). These cards come with a small computer chip that drastically increases security. As of October 2015, businesses that don’t have an EMV processing device could be held liable for fraudulent card transactions originating from their business. Few industries are unaffected by this liability shift, and as a result there has been a scramble to work with payment solution providers like POSDATA to ensure large-scale EMV transitions are handled professionally and efficiently.

Case Study: The Problem

In the hospitality industry, every business decision centers on providing first-class, personalized service to every guest. Part of this first-class service is ensuring the security of all guests. In October of 2014, a major provider of hospitality property management software systems realized they would need to adapt to the heightened EMV requirements to ensure the users of their software (hotels & spas) were keeping their guests’ payment information secure. The provider began with a full review of the payment systems that interacted with the technologies they provided to their clients. The review revealed numerous improvements that would need to be made in the systems they installed at hotels and spas nationwide. Unlike a small business that could quickly replace just a few aging POS systems, the provider was looking at a large-scale upgrade for nearly 2000 different properties.

The provider first turned to Ingenico for assistance in the migration to EMV-compatible systems. Ingenico advised them that a third party payment solution specialist would be critical in overseeing the successful configuration and deployment of such a high quantity of terminals. They recommended POSDATA as their third party solutions provider because of a history of excellence in being knowledgeable, consultative and perfective in the rollout and ongoing management of payment technologies.

Case Study: The Solution

It was critical the new payment terminals being deployed to the locations were standardized company-wide and pre-configured to operate perfectly right out of the box. POSDATA provided custom-configuration, staging and deployment of the terminals straight from their Louisville, Kentucky headquarters. Each device was loaded with the point-to-point keys and the pin encryption key. The appropriate cable and power supplies were combined with the solution and shipped to each individual destination.

Equally important, POSDATA offered ongoing managed services for these end users. Now whenever a property needs to purchase new devices or repair their existing payment terminals, they can call POSDATA directly to handle everything. POSDATA is able to recommend the ideal combination of payment technologies for each location, all while ensuring all EMV requirements are taken in account and built into the final solution.

As a longstanding leader in the payment services industry, POSDATA has evolved over the years to be able to easily accommodate both high and low-volume requests of our clients. We are proud of our ability to manage so many moving pieces and keep our clients happy and secure.


The preceding article is available as a printable case study. Access it here.

Setting Up Your EMV Payment Solution

Business owners, card issuers and payment processors throughout the United States are now in the process of switching over to EMV. Despite plenty of time to prepare, there are ongoing reports that the transition process has been very rocky and US merchants as a whole are not prepared. Many businesses are being pressured into a quick EMV solution that doesn’t take into consideration their specific need.

EMV technology was designed to authenticate cards at card-present payment terminals. It helps to prevent the use of fraudulent cards in stores better than traditional magnetic stripe cards. However, EMV is not 100% secure nor was it designed as a security method to protect the merchant’s payment environment. This means that a well-constructed EMV solution requires the use of layered security to protect sensitive cardholder data, including:

P2PE.All card data should be encrypted from the time it is keyed, swiped, tapped or inserted. Merchants should use a device that encrypts at the point a payment terminal interacts with a card or mobile wallet so that no payment information is ever in the clear and at risk of being stolen by a savvy hacker. This shrinks the merchant’s cardholder data environment to the secure device level, reducing much of the merchant’s breach profile and their PCI DSS scope along with it—something that EMV alone can’t do.

Tokenization. All card data should be removed from the merchant environment and placed under the protection of an organization that considers the security of their merchant customers’ payment processing its primary job. To do this, merchants must adopt a security- or storage-based tokenization solution, which replaces sensitive cardholder data with non-decryptable information that is meaningless to all but a select few. This differs from emerging “payment token” solutions, such as those offered by mobile wallets, by providing security for merchant systems, not just individual consumers.

EMV. EMV has merit for authenticating card-present transactions. Still, merchants should implement EMV in a strategic fashion, making sure to add the layered security of P2PE and tokenization to protect their customers’ payment information from data thieves by removing that sensitive data from the merchant environment entirely.

Though big undertakings such as the transition to EMV can be confusing, merchants must not be pressured into a quick solution that doesn’t meet their specific needs. Instead, they should take the time necessary to implement EMV as a step in the path to true security, not as a security solution in and of itself.

By layering EMV with the security of P2PE and tokenization, merchants can better authenticate cards used at card-present payment terminals, with the added bonus of securing that card data throughout the transaction process and within their systems and networks. This will ensure that their environment – and their customers’ payment information – is protected against the attacks of hackers.


POSDATA is your trusted source in the transition to EMV. We advise organizations of all sizes on payment processes and products. To learn more, Contact Us.